39 research outputs found

    203 - Subhojeet Mukherjee

    No full text
    Here is a link to a recent CSU source publication on our exploits at the 1st Cyber Truck Challenge, Warren, Michigan: https://source.colostate.edu/cybertruck-challenge-students-hack-truck-steal-show/.Here is a link to our project website: http://www.cs.colostate.edu/dbsec/HeavyVehicle/.Here is a link to my personal website which lists some of my works in detail: http://www.cs.colostate.edu/~subhomuk/.Inside today's vehicles, embedded electronic control units (ECUs) manage different operations by communicating via the serial CAN bus. It has been shown that the CAN bus can be accessed by remote attackers to disrupt/manipulate normal vehicular operations. Heavy-duty vehicles, unlike their lighter counterparts, follow a common set of communication standards (SAE J1939) and are often used for transporting critical goods, thereby increasing their asset value. This work deals with the internal communication security of heavy-duty vehicles and is aimed at detecting /preventing malicious activities that can adversely affect human lives and company fortunes reliant on such modes of transportation.CSU Ventures Drivers of Innovation - Platinum award

    Automated security analysis of the home computer

    No full text
    2014 Spring.Includes bibliographical references.Home computer users pose special challenges to the security of their machines. Often home computer users do not realize that their computer activities have repercussions on computer security. Frequently, they are not aware about their role in keeping their home computer secure. Therefore, security analysis solutions for a home computer must differ significantly from standard security solutions. In addition to considering the properties of a single system, the characteristics of a home user have to be deliberated. Attack Graphs (AGs) are models that have been widely used for security analysis. A Personalized Attack Graph (PAG) extends the traditional AGs for this purpose. It characterizes the interplay between vulnerabilities, user actions, attacker strategies, and system activities. Success of such security analysis depends on the level of detailed information used to build the PAG. Because the PAG can have hundreds of elements and manual analysis can be error-prone and tedious, automation of this process is an essential component in the security analysis for the home computer user. Automated security analysis, which applies the PAG, requires information about user behavior, attacker and system actions, and vulnerabilities that are present in the home computer. In this thesis, we expatiate on 1) modeling home user behavior in order to obtain user specific information, 2) analyzing vulnerability information resources to get the most detailed vulnerability descriptions, and 3) transforming vulnerability information into a format useful for automated construction of the PAG. We propose the Bayesian User Action model that quantitatively represents the relationships between different user characteristics and provides the likelihood of a user taking a specific cyber related action. This model complements the PAG by delivering information about the home user. We demonstrate how different user behavior affects exploit likelihood in the PAG. We compare different vulnerability information sources in order to identify the best source for security analysis of the home computer. We calculate contextual similarity of the vulnerability descriptions to identify the same vulnerabilities from different vulnerability databases. We measure the similarity of vulnerability descriptions of the same vulnerability from multiple sources in order to identify any additional information that can be used to construct the PAG. We demonstrate a methodology of transforming a textual vulnerability description into a more structured format. We use Information Extraction (IE) techniques that are based on regular expression rules and dictionaries of keywords. We extract five types of information: infected software, attacker/user/system preconditions, and postconditions of exploiting vulnerabilities. We evaluate the performance of our IE system by measuring accuracy for each type of extracted information. Experiments on influence of user profile on the PAG show that probability of exploits differ depending on user personality. Results also suggest that exploits are sensitive to user actions and probability of exploits can change depending on evidence configuration. The results of similarity analysis of vulnerability descriptions show that contextual similarity can be used to identify the same vulnerability across different vulnerability databases. The results also show that the syntactic similarity does not imply additional vulnerability information. Results from performance analysis of our IE system show that it works very well for the majority of vulnerability descriptions. The possible issues with extraction are mainly caused by: 1) challenging to express vulnerability descriptions by regular expressions and 2) lack of explicitly included information in vulnerability descriptions

    A heuristic-based approach to automatically extract personalized attack graph related concepts from vulnerability descriptions

    No full text
    2017 Fall.Includes bibliographical references.Computer users are not safe, be it at home or in public places. Public networks are more often administered by trained individuals who attempt to fortify those networks using strong administrative skills, state-of-the-art security tools and meticulous vigilance. This is, however, not true for home computer users. Being largely untrained they are often the most likely targets of cyber attacks. These attacks are often executed in cleverly interleaved sequences leading to the eventual goal of the attacker. The Personalized Attack Graphs (PAG) introduced by Ubranska et al. [24, 25, 32] can leverage the interplay of system configurations, attacker and user actions to represent a cleverly interleaved sequence of attacks on a single system. An instance of the PAG can be generated manually by observing system configurations of a computer and collating them with possible security threats which can exploit existing system vulnerabilities and/or misconfigurations. However, the amount of manual labor involved in creating and periodically updating the PAG can be very high. As a result, attempt should be made to automate the process of generating the PAG. Information required to generate these graphs are available on the Internet in the form of vulnerability descriptions. This information is, however, almost always written in natural language and lacks any form of structure. In this thesis, we propose an unsupervised heuristic-based approach which parses vulnerability descriptions and extracts instances of PAG related concepts like system configurations, attacker and user actions. Extracted concepts can then be interleaved to generate the Personalized Attack Graph

    On the design of a moving target defense framework for the resiliency of critical services in large distributed networks

    No full text
    2018 Fall.Includes bibliographical references.Security is a very serious concern in this era of digital world. Protecting and controlling access to secured data and services has given more emphasis to access control enforcement and management. Where, access control enforcement with strong policies ensures the data confidentiality, availability and integrity, protecting the access control service itself is equally important. When these services are hosted on a single server for a lengthy period of time, the attackers have potentially unlimited time to periodically explore and enumerate the vulnerabilities with respect to the configuration of the server and launch targeted attacks on the service. Constant proliferation of cloud usage and distributed systems over the last decade have materialized the possibilities of distributing data or hosting services over a group of servers located in different geographical locations. Existing election algorithms used to provide service continuity hosted in the distributed setup work well in a benign environment. However, these algorithms are not secure against skillful attackers who intends to manipulate or bring down the data or service. In this thesis, we design and implement the protection of critical services, such as access-control reference monitors, using the concept of moving target defense. This concept increases the level of difficulty faced by the attacker to compromise the point of service by periodically moving the critical service among a group of heterogeneous servers, thereby changing the attacker surface and increasing uncertainty and randomness in the point of service chosen. We describe an efficient Byzantine fault-tolerant leader election protocol for small networks that achieves the security and performance goals described in the problem statement. We then extend this solution to large enterprise networks by introducing random walk protocol that randomly chooses a subset of servers taking part in the election protocol

    Applying static code analysis to firewall policies for the purpose of anomaly detection

    No full text
    Department Head: Bruce Austin Draper.2009 Summer.Includes bibliographical references (pages 71-74).Treating modern firewall policy languages as imperative, special purpose programming languages, in this thesis we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this thesis are: 1. An analysis of various control flow instructions in popular firewall policy languages 2. Introduction of an intermediate firewall policy language, with emphasis on control flow constructs. 3. Application of Static Code Analysis to detect anomalies in firewall policy, expressed in intermediate firewall policy language. 4. Sample implementation of Static Code Analysis of firewall policies, expressed in our abstract language using Datalog language

    On the design of a secure and anonymous publish-subscribe system

    No full text
    2012 Summer.Includes bibliographical references.The reliability and the high availability of data have made online servers very popular among single users or organizations like hospitals, insurance companies or administrations. This has led to an increased dissemination of personal data on public servers. These online companies are increasingly adopting the publish-subscribe as a new model for storing and managing data on a distributed network. While bringing some real improvement in the way these online companies store and manage data in a dynamic and distributed environment, publish-subscribe is also bringing some new challenges of security and privacy. The centralization of personal data on public servers has raised citizens' concerns about their privacy. Several security breaches involving the leakage of personal data have occured, showing us how crucial this issue has become. A significant amount of work has been done in the field of securing the publish-subscribe. However, all of this research assumes that the server is a trusted entity, an assumption which ignores the fact that this server can be honest but curious. This leads to the need to develop a means to protect publishers and subscribers from server curiosity. One solution to this problem could be to anonymize all communications involving publishers and subscribers. This solution will raise in turn another issue which involves how to allow a subscriber to query a file that was anonymously uploaded in the server by the publisher. In this work, we propose an implementation of a communication protocol that allows users to asynchronously and anonymously exchange messages and that also supports a secure deletion of messages

    Multi-criteria analysis in modern information management

    No full text
    Department Head: L. Darrell Whitley.Includes bibliographical references.The past few years have witnessed an overwhelming amount of research in the field of information security and privacy. An encouraging outcome of this research is the vast accumulation of theoretical models that help to capture the various threats that persistently hinder the best possible usage of today's powerful communication infrastructure. While theoretical models are essential to understanding the impact of any breakdown in the infrastructure, they are of limited application if the underlying business centric view is ignored. Information management in this context is the strategic management of the infrastructure, incorporating the knowledge about causes and consequences to arrive at the right balance between risk and profit. Modern information management systems are home to a vast repository of sensitive personal information. While these systems depend on quality data to boost the Quality of Service (QoS), they also run the risk of violating privacy regulations. The presence of network vulnerabilities also weaken these systems since security policies cannot always be enforced to prevent all forms of exploitation. This problem is more strongly grounded in the insufficient availability of resources, rather than the inability to predict zero-day attacks. System resources also impact the availability of access to information, which in itself is becoming more and more ubiquitous day by day. Information access times in such ubiquitous environments must be maintained within a specified QoS level. In short, modern information management must consider the mutual interactions between risks, resources and services to achieve wide scale acceptance. This dissertation explores these problems in the context of three important domains, namely disclosure control, security risk management and wireless data broadcasting. Research in these domains has been put together under the umbrella of multi-criteria decision making to signify that "business survival" is an equally important factor to consider while analyzing risks and providing solutions for their resolution. We emphasize that businesses are always bound by constraints in their effort to mitigate risks and therefore benefit the most from a framework that allows the exploration of solutions that abide by the constraints. Towards this end, we revisit the optimization problems being solved in these domains and argue that they oversee the underlying cost-benefit relationship. Our approach in this work is motivated by the inherent multi-objective nature of the problems. We propose formulations that help expose the cost-benefit relationship across the different objectives that must be met in these problems. Such an analysis provides a decision maker with the necessary information to make an informed decision on the impact of choosing a control measure over the business goals of an organization. The theories and tools necessary to perform this analysis are introduced to the community

    Integration of task-attribute based access control model for mobile workflow authorization and management

    No full text
    2019 Spring.Includes bibliographical references.Workflow is the automation of process logistics for managing simple every day to complex multi-user tasks. By defining a workflow with proper constraints, an organization can improve its efficiency, responsiveness, profitability, and security. In addition, mobile technology and cloud computing has enabled wireless data transmission, receipt and allows the workflows to be executed at any time and from any place. At the same time, security concerns arise because unauthorized users may get access to sensitive data or services from lost or stolen nomadic devices. Additionally, some tasks and information associated are location and time sensitive in nature. These security and usability challenges demand the employment of access control in a mobile workflow system to express fine-grained authorization rules for actors to perform tasks on-site and at certain time intervals. For example, if an individual is assigned a task to survey certain location, it is crucial that the individual is present in the very location while entering the data and all the data entered remotely is safe and secure. In this work, we formally defined an authorization model for mobile workflows. The authorization model was based on the NIST(Next Generation Access Control) where user attributes, resources attributes, and environment attributes decide who has access to what resources. In our model, we introduced the concept of spatio temporal zone attribute that captures the time and location as to when and where tasks could be executed. The model also captured the relationships between the various components and identified how they were dependent on time and location. It captured separation of duty constraints that prevented an authorized user from executing conflicting tasks and dependency of task constraints which imposed further restrictions on who could execute the tasks. The model was dynamic and allowed the access control configuration to change through obligations. The model had various constraints that may conflict with each other or introduce inconsistencies. Towards this end, we simulated the model using Timed Colored Petri Nets (TCPN) and ran queries to ensure the integrity of the model. The access control information was stored in the Neo4j graph database. We demonstrated the feasibility and usefulness of this method through performance analysis. Overall, we tended to explore and verify the necessity of access control for security as well as management of workflows. This work resulted in the development of secure, accountable, transparent, efficient, and usable workflows that could be deployed by enterprises

    Towards an efficient vulnerability analysis methodology for better security risk management

    No full text
    2010 Summer.Includes bibliographical references.Risk management is a process that allows IT managers to balance between cost of the protective measures and gains in mission capability. A system administrator has to make a decision and choose an appropriate security plan that maximizes the resource utilization. However, making the decision is not a trivial task. Most organizations have tight budgets for IT security; therefore, the chosen plan must be reviewed as thoroughly as other management decisions. Unfortunately, even the best-practice security risk management frameworks do not provide adequate information for effective risk management. Vulnerability scanning and penetration testing that form the core of traditional risk management, identify only the set of system vulnerabilities. Given the complexity of today's network infrastructure, it is not enough to consider the presence or absence of vulnerabilities in isolation. Materializing a threat strongly requires the combination of multiple attacks using different vulnerabilities. Such a requirement is far beyond the capabilities of current day vulnerability scanners. Consequently, assessing the cost of an attack or cost of implementing appropriate security controls is possible only in a piecemeal manner. In this work, we develop and formalize new network vulnerability analysis model. The model encodes in a concise manner, the contributions of different security conditions that lead to system compromise. We extend the model with a systematic risk assessment methodology to support reasoning under uncertainty in an attempt to evaluate the vulnerability exploitation probability. We develop a cost model to quantify the potential loss and gain that can occur in a system if certain conditions are met (or protected). We also quantify the security control cost incurred to implement a set of security hardening measures. We propose solutions for the system administrator's decision problems covering the area of the risk analysis and risk mitigation analysis. Finally, we extend the vulnerability assessment model to the areas of intrusion detection and forensic investigation

    Digital signatures to ensure the authenticity and integrity of synthetic DNA molecules

    No full text
    2019 Spring.Includes bibliographical references.DNA synthesis has become increasingly common, and many synthetic DNA molecules are licensed intellectual property (IP). DNA samples are shared between academic labs, ordered from DNA synthesis companies and manipulated for a variety of different purposes, mostly to study their properties and improve upon them. However, it is not uncommon for a sample to change hands many times with very little accompanying information and no proof of origin. This poses significant challenges to the original inventor of a DNA molecule, trying to protect her IP rights. More importantly, following the anthrax attacks of 2001, there is an increased urgency to employ microbial forensic technologies to trace and track agent inventories. However, attribution of physical samples is next to impossible with existing technologies. In this research, we describe our efforts to solve this problem by embedding digital signatures in DNA molecules synthesized in the laboratory. We encounter several challenges that we do not face in the digital world. These challenges arise primarily from the fact that changes to a physical DNA molecule can affect its properties, random mutations can accumulate in DNA samples over time, DNA sequencers can sequence (read) DNA erroneously and DNA sequencing is still relatively expensive (which means that laboratories would prefer not to read and re-read their DNA samples to get error-free sequences). We address these challenges and present a digital signature technology that can be applied to synthetic DNA molecules in living cells
    corecore